Installing Debian GNU/Linux on PC Engines alix1d

Kerim Teboulbi

Switzernet

2008-12-01

 

Create CD

OS Installation

Install some utilities

Alias IP

Keep files in RAM

OpenVPN

squid

msmtp

NAT and DNS

Reference

 

This document explains how to install Debian etch (the last stable version) on a PC Engines alix1d. For the installation you need, of course, an alix1d, a keyboard, a screen and an external CD drive. You can download all the configuration files: [public version] and [complete version].

[Create_CD]Create CD

Download the ISO file in case you don't have the CD of the stable version (4.0r5). If you already have it, you can go to OS Installation. The processor of the alix1d is i386 compatible, so choose this kind of processor when selecting which CD you are going to use. Do not download the latest stable version of Debian from http://www.debian.org/CD/http-ftp/: with the script we will use later, we would have problems with the version of the kernel. For this document we used Debian etch (4.0r5) with the network install; you can download a copy from here [iso].

 

Burn the iso with Nero or any other burning program.

 

 

Select Burn Image to disc, then select the ISO file and click Burn to start burning it.

[Os_installation] OS Installation

 

Connect your screen and keyboard to the alix1d. To restart (if needed), press Ctrl+Alt+Del. Then start it and press Del (when you see the screen below) to enter the setup and change the boot sequence.

 

 

Go with down arrow to Advanced BIOS Features, and press enter.

 

 

Select CDROM as First Boot Device, and Hard Disk as second.

 

Go to First Boot Device and press Enter.

 

 

Select CDROM with the up/down arrow and press Enter

 

 

Go to Second Boot Device and press Enter.

 

 

Select Hard Disk with the up/down arrow and press Enter

 

 

Put the CD in the drive and press F10; you will then see the next screen. You should see Y; press Enter. If you don't, try pressing Z.

 

 

When you restart the computer you will see this screen, just press enter.

 

 

Language selection: choose English and press enter.

 

 

In the next two screens we will choose Switzerland. It is not on the first page, so choose other, and then Switzerland (it is at the end of -- Europe --).

 

 

 

Select the Swiss French keyboard (because we are using a Swiss French keyboard).

 

 

Before changing screen, you have to wait approximately 3 minutes.

 

Enter SwitzernetPBX for the name of the computer and press enter.

 

 

Just press enter, because we don't use Asterisk on Internet.

 

 

 

Be careful: don't install a swap file on this computer (because we are using a flash memory card and not a hard drive). When the installation program tells you to choose the partitioning, don't choose a guided one but Manual. Be careful in the next twelve screenshots. Go slowly.

 

 

Select manual.

 

 

Select the hard drive, and press enter.

 

 

Erase the current partition, if there is one.

 

 

Select the free space and press enter.

 

 

Create a new partition.

 

 

Press enter, by default it's the biggest size possible.

 

 

Select Primary partition, and press enter.

 

 

Press enter on the bootable flag, it should change to on.

 

 

Apply the settings for this partition.

 

 

Press enter on "Finish partitioning and write changes to the disk".

 

 

Confirm that we will erase the entire current disk.

 

 

Move to yes and press enter. The installation program asks this because it is unusual to install a system without swap. But we want this specific installation.

 

 

Now enter qwertz for the password. Then press enter. We will change it later.

 

 

Re-enter your password (qwertz), and press enter.

 

 

It's imperative to create a new user. We will name it switzernet; the installer asks for two names (full name and username), just enter switzernet for both.

 

 

 

Use the same password as for root (qwertz).

 

 

Re-confirm your user password (qwertz).

 

 

Now the installer will install the base system, it takes about 5 minutes.

 

 

Select yes, to configure the package manager.

 

 

Select a mirror in Switzerland.

 

 

Select mirror.switch.ch

 

 

Leave the proxy information empty.

 

 

Select no and press enter.

 

 

Press space to unselect "Desktop environment". We only need a Standard system. You can see the two screens below:

 

 

 

 

This part is quite long, about 15 minutes (here are just two screens to show that the software is installing).

 

 

 

Select yes and enter.

 

 

Remove the CD and press enter to continue.

 

 

[Install_utilities]Install some utilities

 

Now we should first log in on the server:

When the system asks for the login, write root, press enter and wait until it asks for your password, then enter it. It's normal that you don't see anything; just type your password and press enter.

 

Some utilities are useful here, like an SSH server or the ngrep command (to listen to the network).

 

Before installing any program you should remove the CD-ROM from the package sources: edit the file /etc/apt/sources.list

You should add a # before the line starting with deb cdrom

 

SwitzernetPBX:~# nano /etc/apt/sources.list

 

If you don’t know how to use nano just have a look here : http://mintaka.sdsu.edu/reu/nano.html

 

 

^ means press Ctrl. So exit by pressing Ctrl+X.

It will ask you to save the changes: write Y and then press Enter twice.

 

Now install openssh-server

 

SwitzernetPBX:~# aptitude install openssh-server

Reading package lists... Done

Building dependency tree... Done

Reading extended state information       

Initializing package states... Done

Reading task descriptions... Done

Building tag database... Done

The following NEW packages will be automatically installed:

  openssh-blacklist

The following packages have been kept back:

  linux-image-2.6.18-6-486

The following NEW packages will be installed:

  openssh-blacklist openssh-server

0 packages upgraded, 2 newly installed, 0 to remove and 1 not upgraded.

Need to get 2346kB of archives. After unpacking 4686kB will be used.

Do you want to continue? [Y/n/?] y

Writing extended state information... Done

0% [Working]

Get:1 http://mirror.switch.ch etch/main openssh-blacklist 0.1.1 [2122kB]

0% [1 openssh-blacklist 0/2122kB 0%]

13% [1 openssh-blacklist 326180/2122kB 15%]

28% [1 openssh-blacklist 660688/2122kB 31%]

42% [1 openssh-blacklist 995196/2122kB 46%]

56% [1 openssh-blacklist 1329704/2122kB 62%]

70% [1 openssh-blacklist 1662824/2122kB 78%]

85% [1 openssh-blacklist 1997332/2122kB 94%]

90% [Waiting for headers]

Get:2 http://mirror.switch.ch etch/main openssh-server 1:4.3p2-9etch3 [224kB]

90% [2 openssh-server 0/224kB 0%]

100% [Working]

Fetched 2346kB in 3s (650kB/s)

Preconfiguring packages ...

Selecting previously deselected package openssh-blacklist.

(Reading database ... 18440 files and directories currently installed.)

Unpacking openssh-blacklist (from .../openssh-blacklist_0.1.1_all.deb) ...

Selecting previously deselected package openssh-server.

Unpacking openssh-server (from .../openssh-server_1%3a4.3p2-9etch3_i386.deb) ...

Setting up openssh-blacklist (0.1.1) ...

Setting up openssh-server (4.3p2-9etch3) ...

Creating SSH2 RSA key; this may take some time ...

Creating SSH2 DSA key; this may take some time ...

Restarting OpenBSD Secure Shell server: sshd.

 

Now install ngrep

 

SwitzernetPBX:~# aptitude install ngrep

Reading package lists... 0%

Reading package lists... Done

Building dependency tree... Done

Reading extended state information      

Initializing package states... Done

Writing extended state information... Done

Reading task descriptions... Done

Building tag database... Done

The following NEW packages will be automatically installed:

  libpcap0.8

The following packages have been kept back:

  linux-image-2.6.18-6-486

The following NEW packages will be installed:

  libpcap0.8 ngrep

0 packages upgraded, 2 newly installed, 0 to remove and 1 not upgraded.

Need to get 119kB of archives. After unpacking 266kB will be used.

Do you want to continue? [Y/n/?] y

Writing extended state information... Done

0% [Working]

Get:1 http://mirror.switch.ch etch/main libpcap0.8 0.9.5-1 [89.5kB]

0% [1 libpcap0.8 0/89.5kB 0%]

75% [Working]

Get:2 http://mirror.switch.ch etch/main ngrep 1.44-3 [29.7kB]

75% [2 ngrep 0/29.7kB 0%]

100% [Working]

Fetched 119kB in 0s (377kB/s)

Selecting previously deselected package libpcap0.8.

(Reading database ... 18457 files and directories currently installed.)

Unpacking libpcap0.8 (from .../libpcap0.8_0.9.5-1_i386.deb) ...

Selecting previously deselected package ngrep.

Unpacking ngrep (from .../archives/ngrep_1.44-3_i386.deb) ...

Setting up libpcap0.8 (0.9.5-1) ...

Setting up ngrep (1.44-3) ...

 

Now that we have installed an SSH server, we can continue all the configuration from the same computer using putty:

You need the current IP address:

 

SwitzernetPBX:~# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0D:B9:0D:45:84

          inet addr:192.168.1.55  Bcast:255.255.255.255  Mask:255.255.255.0

          inet6 addr: fe80::20d:b9ff:fe0d:4584/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2862 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1938 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:245971 (240.2 KiB)  TX bytes:1917453 (1.8 MiB)

          Interrupt:11 Base address:0xfc00

 

As IP address you should enter the inet address (third line, red on this page).

 

 

Connect with root user:

 

 

Write the password (qwertz); when you type you will see nothing on the screen, this is normal.

 

 

If you see this message just click Yes :

 

 

[Change_password] Change password

Now copy the root password from the information mail and run this command. When you see "Enter new UNIX password:" or "Retype new UNIX password:", just right-click once in putty (to paste) and press enter. It's normal that you don't see anything changing.

 

SwitzernetPBX:~# passwd

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

 

Change the password of the switzernet user; you can again paste the password with a right click and press enter.

 

SwitzernetPBX:~# passwd switzernet

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

[Alias_IP] Alias IP

 

We need two IP addresses, but we have just one Ethernet interface. We create a virtual address, which will be static (so we know the IP address to connect from the phone):

 

The /etc/network/interfaces file should be like this [txt], you can download it with this command:

 

SwitzernetPBX:~# wget -O /etc/network/interfaces http://switzernet.com/public/081201-install-debian-alix1d/index_files/interfaces.txt

--11:18:05--  http://switzernet.com/public/081201-install-debian-alix1d/index_files/interfaces.txt

           => `/etc/network/interfaces'

Resolving switzernet.com... 62.2.195.69

Connecting to switzernet.com|62.2.195.69|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 440 [text/plain]

 

100%[====================================>] 440           --.--K/s

 

11:18:05 (8.12 MB/s) - `/etc/network/interfaces' saved [440/440]

 

You can check that the file is correct:

 

SwitzernetPBX:~# cat /etc/network/interfaces

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

 

# The loopback network interface

auto lo

iface lo inet loopback

 

# The primary network interface

allow-hotplug eth0

auto eth0

iface eth0 inet dhcp

 

auto eth0:0

iface eth0:0 inet static

        address 192.168.1.200

        netmask 255.255.255.0

        network 192.168.1.0

        broadcast 192.168.1.255

        gateway 192.168.1.1

 

 

To use it without restarting your computer, just restart the network devices:

 

SwitzernetPBX:~# /etc/init.d/networking restart

Reconfiguring network interfaces...There is already a pid file /var/run/dhclient.eth0.pid with pid 1624

killed old client process, removed PID file

Internet Systems Consortium DHCP Client V3.0.4

Copyright 2004-2006 Internet Systems Consortium.

All rights reserved.

For info, please visit http://www.isc.org/sw/dhcp/

 

Listening on LPF/eth0/00:0d:b9:0d:45:84

Sending on   LPF/eth0/00:0d:b9:0d:45:84

Sending on   Socket/fallback

DHCPRELEASE on eth0 to 192.168.1.1 port 67

SIOCDELRT: No such device

Internet Systems Consortium DHCP Client V3.0.4

Copyright 2004-2006 Internet Systems Consortium.

All rights reserved.

For info, please visit http://www.isc.org/sw/dhcp/

 

Listening on LPF/eth0/00:0d:b9:0d:45:84

Sending on   LPF/eth0/00:0d:b9:0d:45:84

Sending on   Socket/fallback

DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7

DHCPOFFER from 192.168.1.1

DHCPREQUEST on eth0 to 255.255.255.255 port 67

DHCPACK from 192.168.1.1

bound to 192.168.1.55 -- renewal in 39185 seconds.

done.

 

Run the command below to check that it's OK (compare the result with this result).

 

SwitzernetPBX:~# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0D:B9:0D:41:B8

          inet addr:192.168.1.xx  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: fe80::20d:b9ff:fe0d:41b8/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:18860 errors:0 dropped:0 overruns:0 frame:0

          TX packets:16051 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:3527065 (3.3 MiB)  TX bytes:6362752 (6.0 MiB)

          Interrupt:11 Base address:0xfc00

 

eth0:0    Link encap:Ethernet  HWaddr 00:0D:B9:0D:41:B8

          inet addr:192.168.1.200  Bcast:192.168.1.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          Interrupt:11 Base address:0xfc00

 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:14321 errors:0 dropped:0 overruns:0 frame:0

          TX packets:14321 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:1645677 (1.5 MiB)  TX bytes:1645677 (1.5 MiB)

[Keep_RAM] Keep files in RAM

To avoid damaging the CompactFlash card too quickly (write cycles are limited), we will keep the logs in RAM, and write them to the flash only at shutdown. For this we create a RAM file system (tmpfs) mounted at /var/log and add an init script to copy the contents at startup/shutdown. The same is done for the directory /var/tmp, but here we do not keep the contents.

 

SwitzernetPBX:~# mkdir /var/disk-log

SwitzernetPBX:~# chmod 777 /var/disk-log/

SwitzernetPBX:~# rm -r /tmp/

SwitzernetPBX:~# ln -s /var/tmp/ /tmp

 

The RAM file systems are declared in /etc/fstab [txt], with this command you can download it directly from our server:

 

SwitzernetPBX:~# wget -O /etc/fstab http://switzernet.com/public/081201-install-debian-alix1d/index_files/fstab.txt

--11:30:52--  http://switzernet.com/public/081201-install-debian-alix1d/index_files/fstab.txt

           => `/etc/fstab'

Resolving switzernet.com... 62.2.195.69

Connecting to switzernet.com|62.2.195.69|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 402 [text/plain]

 

100%[====================================>] 402           --.--K/s

 

11:30:52 (18.97 MB/s) - `/etc/fstab' saved [402/402]

 

 

SwitzernetPBX:~# cat /etc/fstab

# /etc/fstab: static file system information.

#

# <file system> <mount point>   <type>  <options>       <dump>  <pass>

proc            /proc           proc    defaults        0       0

/dev/hda1       /               ext3    defaults,errors=remount-ro 0       1

/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0

tmpfs           /var/tmp        tmpfs   size=96M        0       0

tmpfs           /var/log        tmpfs   size=96M        0       0

 

The simple script that will copy the log files from disk to RAM is as follows [txt]:

 

SwitzernetPBX:~# wget -O /etc/init.d/ramfs-log http://switzernet.com/public/081201-install-debian-alix1d/index_files/ramfs-log.txt

--11:39:55--  http://switzernet.com/public/081201-install-debian-alix1d/index_files/ramfs-log.txt

           => `/etc/init.d/ramfs-log'

Resolving switzernet.com... 62.2.195.69

Connecting to switzernet.com|62.2.195.69|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 849 [text/plain]

 

100%[====================================>] 849           --.--K/s

 

11:39:55 (37.86 MB/s) - `/etc/init.d/ramfs-log' saved [849/849]

 

 

With this command check that the file was downloaded in the right place :

 

SwitzernetPBX:~# cat /etc/init.d/ramfs-log

#! /bin/sh

### BEGIN INIT INFO

# Provides:          ramfs

# Required-Start:    mountall

# Required-Stop:

# Default-Start:     S

# Default-Stop:

# Short-Description: copy /var/log content in ramdisk

# Description:       copy /var/log content in ramdisk

### END INIT INFO

 

case "$1" in

  start)

        if ! [ -h /tmp ]; then

                rm -r /tmp/

                mkdir -p /var/tmp

                ln -s var/tmp/ /tmp

        fi

 

        echo "Copying /var/log contents to ramdisk"

        cp -a /var/disk-log/* /var/log/

        ;;

  stop)

        echo "Copying /var/log contents to disk"

        mkdir -p /var/disk-log/

        chmod 777 /var/disk-log/

        cp -a /var/log/* /var/disk-log/

        ;;

  *)

        echo "Usage: ramfs-log [start|stop]" >&2

        exit 3

        ;;

esac

 

Run this command to make the script executable:

 

SwitzernetPBX:~# chmod a+x /etc/init.d/ramfs-log

 

Now we must add the script in the correct order in the boot/shutdown sequence. See http://www.debian-administration.org/articles/212 for description of the runlevels.

 

SwitzernetPBX:~# ls /etc/rcS.d/

README               S12mtab.sh                S39ifupdown

S01glibc.sh          S18ifupdown-clean         S40networking

S02hostname.sh       S20module-init-tools      S43portmap

S02mountkernfs.sh    S25libdevmapper1.02       S45mountnfs.sh

S03udev              S30checkfs.sh             S46mountnfs-bootclean.sh

S04mountdevsubfs.sh  S30procps.sh              S48console-screen.sh

S05bootlogd          S35mountall.sh            S55bootmisc.sh

S05keymap.sh         S36mountall-bootclean.sh  S55urandom

S10checkroot.sh      S36udev-mtab              S70x11-common

S11hwclock.sh        S99stop-bootlogd-single

 

 

We should find udev-mtab and see which sequence number it has, in order to choose the right start sequence. If udev-mtab starts with S36, we should start at sequence 37 in the S runlevel to launch the script as soon as possible in the boot sequence (after the partitions are mounted). For the shutdown/reboot, we add it with sequence 99 to execute last. It is probably not the right way to do it, but it works fine for our usage. In the command below you should replace ?? by the right boot sequence number. Copy and paste the whole line and replace the ?? afterwards (don't forget the . at the end of the line).

 

SwitzernetPBX:~# cd /etc/init.d/

SwitzernetPBX:/etc/init.d/# update-rc.d ramfs-log start ?? S . stop 99 0 1 6 .

Adding system startup for /etc/init.d/ramfs-log ...

   /etc/rc0.d/K99ramfs-log -> ../init.d/ramfs-log

   /etc/rc1.d/K99ramfs-log -> ../init.d/ramfs-log

   /etc/rc6.d/K99ramfs-log -> ../init.d/ramfs-log

   /etc/rcS.d/S37ramfs-log -> ../init.d/ramfs-log

SwitzernetPBX:/etc/init.d/# ls /etc/rcS.d/

README               S12mtab.sh                S39ifupdown

S01glibc.sh          S18ifupdown-clean         S40networking

S02hostname.sh       S20module-init-tools      S43portmap

S02mountkernfs.sh    S25libdevmapper1.02       S45mountnfs.sh

S03udev              S30checkfs.sh             S46mountnfs-bootclean.sh

S04mountdevsubfs.sh  S30procps.sh              S48console-screen.sh

S05bootlogd          S35mountall.sh            S55bootmisc.sh

S05keymap.sh         S36mountall-bootclean.sh  S55urandom

S10checkroot.sh      S36udev-mtab              S70x11-common

S11hwclock.sh        S37ramfs-log              S99stop-bootlogd-single

SwitzernetPBX:/etc/init.d/# cd ~

 

The system will now automatically copy the logs at boot/shutdown/reboot.

 

Remark: We chose position 37 of the S runlevel because file systems are mounted at positions 35 to 37. This can be different depending on the Linux distribution, etc.

 

Reboot the computer with the following command:

 

SwitzernetPBX:~# reboot
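
A variant of the copy logic in ramfs-log, added here as an example (it is not the script downloaded above). It checks that /var/log really is a tmpfs mount before restoring, copies with "/." so that an empty directory or dot files do not break the copy, and keeps /var/disk-log at mode 755, because with 777 any local user can place files there that root copies into /var/log at the next boot. The function names and the MOUNTS, LOG_DIR and DISK_DIR variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the ramfs-log script from the page.
# LOG_DIR and DISK_DIR default to the page's paths; MOUNTS and the
# function names are assumptions made for this example.
LOG_DIR=${LOG_DIR:-/var/log}
DISK_DIR=${DISK_DIR:-/var/disk-log}
MOUNTS=${MOUNTS:-/proc/mounts}

# is_tmpfs DIR: succeed only if the last mount on DIR is of type tmpfs.
# Fields in /proc/mounts: device mountpoint fstype options dump pass
is_tmpfs() {
    awk -v dir="$1" '
        $2 == dir { fs = $3 }
        END { if (fs == "tmpfs") exit 0; exit 1 }
    ' "$MOUNTS"
}

# restore_logs: boot-time step (the "start" case of the init script).
restore_logs() {
    if ! is_tmpfs "$LOG_DIR"; then
        # The tmpfs mount failed: $LOG_DIR is the flash card itself.
        echo "ramfs-log: $LOG_DIR is not a tmpfs mount, nothing restored" >&2
        return 1
    fi
    [ -d "$DISK_DIR" ] || return 0      # first boot: nothing saved yet
    cp -a "$DISK_DIR"/. "$LOG_DIR"/     # "/." also copies dot files
}

# save_logs: shutdown step (the "stop" case of the init script).
save_logs() {
    mkdir -p "$DISK_DIR" || return 1
    # 755 instead of 777: only root may add or replace saved logs.
    chmod 755 "$DISK_DIR" || return 1
    cp -a "$LOG_DIR"/. "$DISK_DIR"/
}
```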

 

[OpenVPN] OpenVPN client

Here we are just going to configure an OpenVPN client; for more information about the OpenVPN client see [go].

Before installing openvpn we install openssl, which is not installed as a dependency in this installation.

 

SwitzernetPBX:~# aptitude install openssl

 

Reading package lists... Done

Building dependency tree... Done

Reading extended state information      

Initializing package states... Done

Reading task descriptions... Done

Building tag database... Done

The following packages have been kept back:

  linux-image-2.6.18-6-486

The following NEW packages will be installed:

  openssl

0 packages upgraded, 1 newly installed, 0 to remove and 1 not upgraded.

Need to get 1001kB of archives. After unpacking 2273kB will be used.

Writing extended state information... Done

Get:1 http://mirror.switch.ch etch/main openssl 0.9.8c-4etch3 [1001kB]

Fetched 1001kB in 1s (613kB/s)

Selecting previously deselected package openssl.

(Reading database ... 18476 files and directories currently installed.)

Unpacking openssl (from .../openssl_0.9.8c-4etch3_i386.deb) ...

Creating directory /etc/ssl

Setting up openssl (0.9.8c-4etch3) ...

 

Install openVPN

 

SwitzernetPBX:~# aptitude install openvpn

Reading package lists... Done

Building dependency tree... Done

Reading extended state information

Initializing package states... Done

Reading task descriptions... Done

Building tag database... Done

The following NEW packages will be automatically installed:

  liblzo2-2

The following packages have been kept back:

  linux-image-2.6.18-6-486

The following NEW packages will be installed:

  liblzo2-2 openvpn

0 packages upgraded, 2 newly installed, 0 to remove and 1 not upgraded.

Need to get 397kB of archives. After unpacking 1114kB will be used.

Do you want to continue? [Y/n/?] Y

Writing extended state information... Done

Get:1 http://mirror.switch.ch etch/main liblzo2-2 2.02-2 [59.5kB]

Get:2 http://mirror.switch.ch etch/main openvpn 2.0.9-4etch1 [338kB]

Fetched 397kB in 1s (317kB/s)

Preconfiguring packages ...

Selecting previously deselected package liblzo2-2.

(Reading database ... 28287 files and directories currently installed.)

Unpacking liblzo2-2 (from .../liblzo2-2_2.02-2_i386.deb) ...

Selecting previously deselected package openvpn.

Unpacking openvpn (from .../openvpn_2.0.9-4etch1_i386.deb) ...

Setting up liblzo2-2 (2.02-2) ...

 

Setting up openvpn (2.0.9-4etch1) ...

Starting virtual private network daemon:.

 

OpenVPN is now installed on the computer; we should modify the configuration file to connect to our VPN server. To avoid writing the whole VPN configuration file, we are going to copy and edit the sample client configuration.

 

SwitzernetPBX:~# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/openvpn.conf  

 

We should edit the configuration file; we have 3 modifications to make. First the remote access: which server we should connect to. Be careful about which certificate you are downloading.

 

SwitzernetPBX:~# cd /etc/openvpn/

SwitzernetPBX:/etc/openvpn# ftp unappel.ch

Connected to unappel.ch.

220 anaconda05 Ready.

Name (unappel.ch:root): certificate

331 Password required for certificate

Password:

230 User certificate logged in.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

drwxr-xr-x   2 certificate ftpuser      4096 Jan 13 08:55 .

drwxr-xr-x   2 certificate ftpuser      4096 Jan 13 08:55 ..

.

.

-rw-r--r--   1 certificate ftpuser      1249 Jan 13 08:55 ca.crt

-rw-r--r--   1 certificate ftpuser      3849 Jan 13 08:55 VOIP02x550xxxxonxxxxxxxx.crt

-rw-r--r--   1 certificate ftpuser       887 Jan 13 08:55 VOIP02x550xxxxonxxxxxxxx.key

ftp> get VOIP02X550XXXXonXXXXXXXX.crt

local: VOIP0225500125on20071212.crt remote: VOIP0225500125on20071212.crt

200 PORT command successful

150 Opening BINARY mode data connection for VOIP0225500125on20071212.crt (3849 bytes)

226 Transfer complete

3849 bytes received in 0.01 secs (625.2 kB/s)

ftp> get VOIP02X550XXXXonXXXXXXXX.key

local: VOIP0225500125on20071212.key remote: VOIP0225500125on20071212.key

200 PORT command successful

150 Opening BINARY mode data connection for VOIP0225500125on20071212.key (887 bytes)

226 Transfer complete

887 bytes received in 0.00 secs (486.1 kB/s)

ftp> get ca.crt

local: ca.crt remote: ca.crt

200 PORT command successful

150 Opening BINARY mode data connection for ca.crt (1249 bytes)

226 Transfer complete

1249 bytes received in 0.00 secs (543.1 kB/s)

ftp> exit

221 Goodbye.

SwitzernetPBX:/etc/openvpn# nano openvpn.conf

 

 

Find the line which starts with remote in order to edit it: press Ctrl+W, then write remote and press enter.

 

 

The ip address of the vpn server is : 87.106.212.173

 

 

Go to the place where the certificate files are described (search for .crt with Ctrl+W).

Edit the two lines of the file with the right certificate name.

Save the file (Ctrl+X), then confirm by pressing Y.

 

 

Confirm the path of the file, just by pressing enter.

 

 

SwitzernetPBX:/etc/openvpn# /etc/init.d/openvpn restart

Stopping virtual private network daemon: openvpn.

Starting virtual private network daemon: openvpn(OK).

SwitzernetPBX:/etc/openvpn# ifconfig tun0

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:100

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 

SwitzernetPBX:/etc/openvpn# cd ~
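
A check to run after the edits above, added here as an example (it is not part of the original procedure or of OpenVPN). It confirms that remote no longer holds the sample value, that the ca, cert and key lines point at files that exist, and that the private key is not readable by group or others: the FTP listing shows the .key file as -rw-r--r--, and a file fetched with ftp gets the same kind of mode locally. The function names are assumptions; relative paths are resolved against the directory of the configuration file, and cert_matches_key works for RSA keys only.

```shell
#!/bin/sh
# Added example, not part of the page's procedure or of OpenVPN.
# Assumptions: one value per directive, no quoted paths, and relative
# paths resolved against the directory of the config file (the page
# keeps config, certificates and key together in /etc/openvpn).

# conf_value FILE DIRECTIVE: first argument of the last active DIRECTIVE.
# Lines commented out with '#' or ';' never match because $1 differs.
conf_value() {
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# cert_matches_key CERT KEY: succeed if both carry the same RSA modulus.
# RSA only; uses the openssl package installed earlier on the page.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_openvpn_client CONF: print one line per check and return the
# number of failed checks (0 means everything passed).
check_openvpn_client() {
    conf=$1
    dir=$(dirname "$conf")
    fails=0

    # 1. "remote" must no longer be the placeholder of the sample file.
    remote=$(conf_value "$conf" remote)
    case $remote in
        ''|my-server-*)
            echo "FAIL remote: '$remote' is unset or still the sample value"
            fails=$((fails + 1)) ;;
        *)  echo "ok   remote: $remote" ;;
    esac

    # 2. ca, cert and key must point at files that exist.
    for d in ca cert key; do
        f=$(conf_value "$conf" "$d")
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then
            echo "FAIL $d: $f not found"
            fails=$((fails + 1))
            continue
        fi
        echo "ok   $d: $f"
        # 3. The private key must not be accessible to group or others.
        if [ "$d" = key ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "FAIL key: $f is accessible to group/others (chmod 600)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Usage on the box:
#   check_openvpn_client /etc/openvpn/openvpn.conf
#   cert_matches_key /etc/openvpn/<name>.crt /etc/openvpn/<name>.key
```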

[Squid] Squid

We may need a way to reconfigure the phone if there are any problems. So we will install a web proxy which lets us access the phone's interface with a web browser, just as if we were at the client's site.

 

SwitzernetPBX:~# aptitude install squid

Reading package lists... Done

 Building dependency tree... Done

 Reading extended state information  Done    

 Initializing package states... Done

Writing extended state information... Done

Reading task descriptions... Done

Building tag database... Done

The following NEW packages will be automatically installed:

  squid-common

The following packages have been kept back:

  linux-image-2.6.18-6-486

The following NEW packages will be installed:

  squid squid-common

0 packages upgraded, 2 newly installed, 0 to remove and 1 not upgraded.

Need to get 1092kB of archives. After unpacking 6488kB will be used.

Do you want to continue? [Y/n/?] y

Writing extended state information... Done

0% [Working]

Get:1 http://mirror.switch.ch etch/main squid-common 2.6.5-6etch4 [437kB]

0% [1 squid-common 0/437kB 0%]

29% [1 squid-common 326428/437kB 74%]

40% [Working]

Get:2 http://mirror.switch.ch etch/main squid 2.6.5-6etch4 [655kB]

40% [2 squid 0/655kB 0%]

70% [2 squid 331844/655kB 50%]

100% [Working]

Fetched 1092kB in 1s (620kB/s)

Preconfiguring packages ...

Selecting previously deselected package squid-common.

(Reading database ... 18957 files and directories currently installed.)

Unpacking squid-common (from .../squid-common_2.6.5-6etch4_all.deb) ...

Selecting previously deselected package squid.

Unpacking squid (from .../squid_2.6.5-6etch4_i386.deb) ...

Setting up squid-common (2.6.5-6etch4) ...

Setting up squid (2.6.5-6etch4) ...

Creating squid spool directory structure

FATAL: Could not determine fully qualified hostname.  Please set 'visible_hostname'

 

Squid Cache (Version 2.6.STABLE5): Terminated abnormally.

CPU Usage: 0.020 seconds = 0.020 user + 0.000 sys

Maximum Resident Size: 0 KB

Page faults with physical i/o: 0

/var/lib/dpkg/info/squid.postinst: line 133:  3253 Aborted                 /usr/sbin/squid -z

Restarting Squid HTTP proxy: squid* Creating squid spool directory structure

FATAL: Could not determine fully qualified hostname.  Please set 'visible_hostname'

 

Squid Cache (Version 2.6.STABLE5): Terminated abnormally.

CPU Usage: 0.016 seconds = 0.012 user + 0.004 sys

Maximum Resident Size: 0 KB

Page faults with physical i/o: 0

/etc/init.d/squid: line 74:  3285 Aborted                 $DAEMON -z

FATAL: Could not determine fully qualified hostname.  Please set 'visible_hostname'

 

Squid Cache (Version 2.6.STABLE5): Terminated abnormally.

CPU Usage: 0.024 seconds = 0.020 user + 0.004 sys

Maximum Resident Size: 0 KB

Page faults with physical i/o: 0

/etc/init.d/squid: line 74:  3287 Aborted                 start-stop-daemon --quiet --start --pidfile $PIDFILE --chuid $CHUID --exec $DAEMON -- $SQUID_ARGS </dev/null

failed!

 

The failed message is normal; we should change the configuration file and restart squid.

In the file we are going to disable communication between this proxy and other proxies (icp_port 0).

We will create a new acl which identifies connections from our VPN to the proxy, and an authorization for our VPN to connect to the proxy (acl vpn src 10.8.0.0/16, then on a new line http_access allow vpn).

We will set a visible_hostname (without this option squid doesn't start) (visible_hostname SwitzernetPBX).

All the modifications are merged in the config file; it's easier to copy it from our server [txt].

 

Here is the command to download it from Asterisk:

 

SwitzernetPBX:~# wget -O /etc/squid/squid.conf http://switzernet.com/public/081201-install-debian-alix1d/index_files/squid.conf.txt

--12:06:54--  http://switzernet.com/public/081201-install-debian-alix1d/index_files/squid.conf.txt

           => `/etc/squid/squid.conf'

Resolving switzernet.com... 62.2.195.69

Connecting to switzernet.com|62.2.195.69|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 149,033 (146K) [text/plain]

 

100%[====================================>] 149,033      570.19K/s

 

12:06:54 (568.47 KB/s) - `/etc/squid/squid.conf' saved [149033/149033]

SwitzernetPBX:~# /etc/init.d/squid restart

Restarting Squid HTTP proxy: squid* Creating squid spool directory structure

2009/01/07 13:38:12| Creating Swap Directories

.
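
A check of the downloaded squid.conf against the three changes described above, added here as an example (it is not part of the page or of squid). Squid applies the first http_access rule that matches, so the check also verifies that http_access allow vpn comes before http_access deny all and that no http_access allow all line opens the proxy to everyone. The function name is an assumption.

```shell
#!/bin/sh
# Added example, not part of the page or of squid.
# check_squid_conf FILE: verify the three changes the page describes.
# Prints one line per check and returns the number of failed checks.
check_squid_conf() {
    awk '
        function report(ok, msg,    prefix) {
            prefix = ok ? "ok   " : "FAIL "
            print prefix msg
            if (!ok) fails++
        }
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        $1 == "icp_port"         { icp  = $2 }
        $1 == "visible_hostname" { host = $2 }
        $1 == "acl" && $2 == "vpn" && $3 == "src" { net = $4 }
        $1 == "http_access" {
            n++                                 # position among http_access rules
            if ($2 == "allow" && $3 == "vpn" && !allow_at) allow_at = n
            if ($2 == "deny"  && $3 == "all" && !deny_at)  deny_at  = n
            if ($2 == "allow" && $3 == "all") allow_all = 1
        }
        END {
            report(icp == "0", "icp_port 0 (found: " icp ")")
            report(host != "", "visible_hostname set (found: " host ")")
            report(net != "",  "acl vpn src defined (found: " net ")")
            # First matching http_access rule wins: the allow for the
            # VPN must come before "deny all".
            report(allow_at && (!deny_at || allow_at < deny_at),
                   "http_access allow vpn placed before http_access deny all")
            report(!allow_all, "no http_access allow all")
            exit fails + 0
        }
    ' "$1"
}

# Usage on the box:
#   check_squid_conf /etc/squid/squid.conf
```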

[Msmtp] Msmtp

We may need to send mail, for example to send voicemail, without configuring a mail server. Instead we will just install a small SMTP client.

 

SwitzernetPBX:~# aptitude install msmtp

Reading package lists... Done

Building dependency tree... Done

Reading extended state information

Initializing package states... Done

Writing extended state information... Done

Reading task descriptions... Done

Building tag database... Done

The following NEW packages will be automatically installed:

  libgsasl7

The following packages have been kept back:

  linux-image-2.6.18-6-486

The following NEW packages will be installed:

  libgsasl7 msmtp

0 packages upgraded, 2 newly installed, 0 to remove and 1 not upgraded.

Need to get 0B/178kB of archives. After unpacking 618kB will be used.

Do you want to continue? [Y/n/?] Y

Writing extended state information... Done

Preconfiguring packages ...

Selecting previously deselected package libgsasl7.

(Reading database ... 28341 files and directories currently installed.)

Unpacking libgsasl7 (from .../libgsasl7_0.2.12-1+b1_i386.deb) ...

Selecting previously deselected package msmtp.

Unpacking msmtp (from .../msmtp_1.4.9-1_i386.deb) ...

Setting up libgsasl7 (0.2.12-1+b1) ...

 

Setting up msmtp (1.4.9-1) ...

 

We will edit the following configuration file: /etc/msmtprc (complete [txt] or example [txt]).

 

If you are a Switzernet collaborator, use the following command to download the right file, replacing XXXX with the usual web password. If you are not a Switzernet collaborator, just adapt this example [txt].

 

SwitzernetPBX:~# wget -O /etc/msmtprc http://switzernet.com/company/081212-install-debian-alix1d-secure/index_files/msmtprc.txt --http-user=switzernet --http-passwd XXXX

--13:29:43--  http://switzernet.com/company/081212-install-debian-alix1d-secure/index_files/msmtprc.txt

           => `/etc/msmtprc'

Resolving switzernet.com... 62.2.195.69

Connecting to switzernet.com|62.2.195.69|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 292 [text/plain]

 

100%[=====================================================================================================================================>] 292           --.--K/s

 

13:29:43 (13.81 MB/s) - `/etc/msmtprc' saved [292/292]

 

 

To check that it is the correct file:

 

SwitzernetPBX:~# cat /etc/msmtprc

# Set defaults

 

defaults

tls on

#tls_trust_file /etc/ssl/certs/ca-certificates.crt

tls_certcheck off

 

 

# voicemail@switzernet.com

account switzernet

host mail.switzernet.com

from voicemail@switzernet.com

auth on

user voicemail@switzernet.com

password XXXXXXX

 

account default : switzernet
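
The file above leaves tls_trust_file commented out and sets tls_certcheck off, so msmtp encrypts the connection but does not verify the server certificate before it sends the account password. The following check is an added example, not part of the original page or of msmtp; audit_msmtprc, sample_weak and sample_hardened are hypothetical names and both sample files are constructed.

```shell
#!/bin/sh
# Added example: flag the weak msmtprc settings discussed above.
# audit_msmtprc, sample_weak and sample_hardened are hypothetical names.

audit_msmtprc() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "UNREADABLE"; return 2; }
    # msmtprc lines are "keyword value"; comments and blank lines are skipped.
    awk '
        /^[ \t]*(#|$)/ { next }
        $1 == "tls" && $2 == "on"            { tls_on = 1 }
        $1 == "tls" && $2 == "off"           { tls_off = 1 }
        $1 == "tls_certcheck" && $2 == "off" { nocheck = 1 }
        $1 == "tls_trust_file" && $2 != ""   { trust = 1 }
        END {
            if (!tls_on || tls_off) { print "TLS_DISABLED";  bad = 1 }
            if (nocheck)            { print "CERTCHECK_OFF"; bad = 1 }
            if (!trust)             { print "NO_TRUST_FILE"; bad = 1 }
            exit bad + 0
        }' "$f" || rc=1
    # In "ls -ld" output, characters 8-10 are the permission bits for "other".
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$f" &&
       [ "$(ls -ld "$f" | cut -c8-10)" != "---" ]; then
        echo "WORLD_ACCESSIBLE_SECRET"; rc=1
    fi
    return $rc
}

# Constructed sample: same TLS lines as the file shown above, placeholder account.
sample_weak() {
    cat <<'EOF'
defaults
tls on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
tls_certcheck off
account example
host mail.example.org
auth on
password XXXXXXX
EOF
}

# Constructed sample: the two-line change that turns certificate checking on.
sample_hardened() {
    sample_weak | sed -e 's/^#tls_trust_file/tls_trust_file/' \
                      -e 's/^tls_certcheck off/tls_certcheck on/'
}

[ -z "${1:-}" ] || audit_msmtprc "$1"
```

Passing a path as the first argument audits that file. WORLD_ACCESSIBLE_SECRET is worth checking on /etc/msmtprc because a file created by wget gets its mode from the current umask.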

 [NAT_DNS] NAT and DNS

You should not do this part if you are installing Asterisk and FreePBX.

The following commands are sufficient to set up a simple NAT. In this part we have just one interface and two completely different networks (one static IP (an alias) and one DHCP address). These rules will forward and translate the addresses of packets coming in on interface eth0 from the network 172.31.x.x and going out on interface eth0 (the DHCP address).

 

# echo 1 > /proc/sys/net/ipv4/ip_forward

# iptables --flush

# iptables -A FORWARD -i eth0 -s 172.31.0.0/16 -j ACCEPT

# iptables -A FORWARD -o eth0 -d 172.31.0.0/16 -j ACCEPT

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 

Now we are going to install the DNS

 

# aptitude install bind9

 

For the DNS server we keep the default configuration without modifications. It will act as a caching server, relaying requests to the default DNS servers (obtained from DHCP, visible in /etc/resolv.conf).

 

Now test from any equipment behind the NAT; it should be able to connect to the internet. If it can, write a small script that applies the iptables rules when the computer starts. If it cannot, your iptables rules are wrong and you need to correct them.

 

So we add a script /etc/init.d/local-iptables [sh] [txt]

 

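#! /bin/sh
# /etc/init.d/local-iptables
#
# Enables or disables IPv4 forwarding and the NAT rules for 172.31.0.0/16.

case "$1" in
  start)
      echo 1 > /proc/sys/net/ipv4/ip_forward
      # "iptables --flush" alone only clears the filter table, so the nat table
      # is flushed too; otherwise each start appends another MASQUERADE rule.
      iptables --flush
      iptables -t nat --flush
      iptables -A FORWARD -i eth0 -s 172.31.0.0/16 -j ACCEPT
      iptables -A FORWARD -o eth0 -d 172.31.0.0/16 -j ACCEPT
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      ;;
  stop)
      echo 0 > /proc/sys/net/ipv4/ip_forward
      iptables --flush
      iptables -t nat --flush
      ;;
  restart)
      "$0" stop
      "$0" start
      ;;
  *)
      echo "Usage: /etc/init.d/local-iptables {start|stop|restart}"
      exit 1
      ;;
esac

exit 0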

 

The script should be executable:

 

# chmod a+x /etc/init.d/local-iptables

 

This script should now run every time the computer starts. To arrange that, execute these commands:

# cd /etc/init.d/

# update-rc.d local-iptables defaults
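
The commands above never set a FORWARD policy, so the chain keeps the kernel default ACCEPT and the two ACCEPT rules restrict nothing; `iptables --flush` without `-t nat` also leaves earlier MASQUERADE rules in place. The following review of `iptables-save` output is an added example, not part of the original page; audit_nat is a hypothetical name, both abridged rulesets are constructed, and sample_tight is one assumed way to limit forwarding to the 172.31.0.0/16 network.

```shell
#!/bin/sh
# Added example (hypothetical helper names): review "iptables-save" output.

audit_nat() {   # $1 = file with iptables-save output, $2 = internal network (CIDR)
    awk -v net="$2" '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            if (seen[$0]++) dup = 1                         # same rule appended twice
            if (index($0, "-s " net " ") == 0) anysrc = 1   # no source restriction
        }
        END {
            if (policy == "ACCEPT") { print "FORWARD_POLICY_ACCEPT"; bad = 1 }
            if (dup)                { print "DUPLICATE_MASQUERADE";  bad = 1 }
            if (anysrc)             { print "MASQUERADE_ANY_SOURCE"; bad = 1 }
            exit bad + 0
        }' "$1"
}

sample_loose() {   # constructed, abridged: NAT commands above entered twice
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 172.31.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 172.31.0.0/16 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_tight() {   # constructed, abridged: default-deny forwarding, stateful return
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.31.0.0/16 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.31.0.0/16 -i eth0 -j ACCEPT
COMMIT
EOF
}

[ -z "${1:-}" ] || audit_nat "$1" "${2:-172.31.0.0/16}"
```

To review a live box, save the output of `iptables-save` to a file and pass that file as the first argument. The source match assumes `iptables-save` prints the network in CIDR form.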

 

You have now finished installing your server with Debian.

 

Reference

 

Installing debian gnu Linux on pc engine alix1d

http://www.switzernet.com/public/081201-install-debian-alix1d (this document)

http://www.unappel.ch/public/081201-install-debian-alix1d (this document)

 

Asterisk Project Main Page

http://switzernet.com/public/081216-asterisk-main

http://unappel.ch/public/081216-asterisk-main

 

Asterisk product description:

http://switzernet.com/public/081216-asterisk-description

http://unappel.ch/public/081216-asterisk-description

 

All process for asterisk product:

http://switzernet.com/company/081215-doc-install-asterisk

http://unappel.ch/company/081215-doc-install-asterisk

 

Install asterisk + freepbx:

http://switzernet.com/public/081210-install-freepbx/

http://unappel.ch/public/081210-install-freepbx/

 

Install OpenVPN client:

http://switzernet.com/public/081215-openvpn-client

http://unappel.ch/public/081215-openvpn-client

 

SCP:

http://switzernet.com/public/081212-use-scp

http://unappel.ch/public/081212-use-scp

 

Install OpenVPN server:

http://switzernet.com/public/081215-openvpn-server

http://unappel.ch/public/081215-openvpn-server 

 

Manage Asterisk through VPN:

http://switzernet.com/company/081216-manage-asterisk-openvpn

http://unappel.ch/company/081216-manage-asterisk-openvpn

 

Debian OS configuration files (company):

http://switzernet.com/company/081212-install-debian-alix1d-secure

 

VPN configuration files (company):

http://switzernet.com/company/081216-openvpn-secure

 

Using an ALIX 1D computer as an UMTS gateway:

http://www.switzernet.com/public/081001-alix-umts-debian/#_Toc213553465

 

Pc engines website:

http://www.pcengines.ch/

 

Help for nano:

http://mintaka.sdsu.edu/reu/nano.html

 

*   *   *

Copyright © 2008 Switzernet